mkcert – Tool for Generating Self-Signed Certificates

The mkcert command is a tool for generating self-signed SSL/TLS certificates. It is useful for developers who work in local environments and need SSL/TLS certificates for their applications without relying on third-party providers. The certificates it generates are valid for local development and testing purposes only and are not trusted by any Certificate Authority.

Overview

The mkcert command generates self-signed certificates that can be used for local development and testing purposes. It writes both the certificate and the private key files to the current directory. The generated certificate is valid for the local domain name and can be used for HTTPS connections in the local environment. The command can also generate a CA certificate that can be used to sign other certificates.

Usage

To generate a self-signed certificate, run the following command:

mkcert example.com

This will generate two files in the current directory:

  • example.com.pem: The self-signed certificate file.
  • example.com-key.pem: The private key file.
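Because the private key is written next to the certificate in the current directory, it is worth checking that no key file is readable by other accounts. The shell functions below are an added example, not part of the original page or of mkcert itself; the names find_exposed_keys and fix_exposed_keys are hypothetical, and the only assumption is the *-key.pem file naming shown above.

```shell
#!/bin/sh
# Added example: audit the private keys left in a working directory.
# Reports every *-key.pem file (the naming shown above) that really holds
# a PEM private key and is accessible to group or other users.
# Usage after loading the functions:  find_exposed_keys .

# find_exposed_keys DIR
#   Prints "EXPOSED <mode> <path>" for each loosely protected key file and
#   nothing when every key is owner-only. Returns 1 if DIR is not a directory.
find_exposed_keys() {
    dir=${1:-.}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    find "$dir" -type f -name '*-key.pem' | while IFS= read -r key; do
        # Skip files that only look like keys by name.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || continue

        # ls mode string: char 1 = type, 2-4 = owner, 5-7 = group, 8-10 = other.
        perms=$(ls -ld "$key" | cut -c1-10)
        others=$(printf '%s' "$perms" | cut -c5-10)
        if [ "$others" != "------" ]; then
            echo "EXPOSED $perms $key"
        fi
    done
}

# fix_exposed_keys DIR
#   Restricts every key reported by find_exposed_keys to its owner (mode 600).
fix_exposed_keys() {
    find_exposed_keys "$1" | while read -r _ _ key; do
        chmod 600 "$key"
    done
}
```

A file is only reported when it both matches the name pattern and contains a PEM private-key header, so unrelated files named *-key.pem are ignored.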

To generate a CA certificate, run the following command:

mkcert -install

This will generate a CA certificate and install it in the system trust store. The generated CA certificate can be used to sign other certificates.

Use Cases

  • Generating SSL/TLS certificates for local development and testing purposes.
  • Generating CA certificates for signing other certificates.

Options

The mkcert command comes with the following options:

Option           Description
-cert-file file  Specifies the output file for the certificate.
-key-file file   Specifies the output file for the private key.
-ecdsa           Generates an ECDSA certificate instead of RSA.
-pkcs12          Generates a PKCS#12 file instead of separate certificate and key files.
-p12-file file   Specifies the output file for the PKCS#12 file.
-client          Generates a client certificate instead of a server certificate.
-server          Generates a server certificate. This is the default.
-install         Installs the CA certificate in the system trust store.

Troubleshooting Tips

  • If you encounter permission errors, try running the command with sudo.
  • If the generated certificate is not trusted by the browser, you may need to add the CA certificate to the browser’s trust store.

Notes

  • The generated certificates are valid for local development and testing purposes only and should not be used in production environments.
  • The generated CA certificate is not trusted by any Certificate Authority and should not be used for signing certificates in production environments.